Windows XP Won't Go Quietly

With Microsoft's end-of-life deadline for Windows XP just three months away, three out of four IT pros still must support the OS.

7 Mistakes Microsoft Made In 2013

(click image for larger view and slideshow)

Step right up, place your bets. How many computers will still be running Windows XP come April 8?

That's the fast-approaching day that Microsoft will stop supporting XP, its most popular operating system ever until Windows 7 came along. And that means no more updates, no more bug fixes, and -- perhaps most important of all -- no more security patches.

The new year kicked off the final countdown, but not everyone is in a huge rush to leave the aged OS behind. XP usage dropped from roughly 39.5% of PCs at the start of 2013 to just under 29% at year's end, according to Net Applications data. That's a steady decline, but hardly spells the actual end of XP. Even a much faster rate of falloff -- say, three percentage points per month between now and April -- would mean roughly one in five PCs worldwide will still be running XP after Microsoft shuts off support.

These aren't just laggard consumer desktops collecting dust in living rooms and home offices, either. Some 76% of IT professionals reported in a recent survey they still support at least some XP machines in their corporate environments. And while plenty of them are scrambling to upgrade to Windows 7 or higher, 36% reported that they plan to leave at least some of their existing XP systems in place after the April support cutoff. The poll conducted by Spiceworks included 1,300 IT pros, most of them working in the US.

So, what gives? Moreover, what's in store for XP diehards come April 8?

"If businesses have not yet migrated [from] Windows XP, it is not because they do not want to but because they have many internal barriers," Techaisle CEO Anurag Agrawal said in an email interview. Agrawal's examples of those barriers echo many of the reasons some businesses are essentially ignoring Microsoft's support cutoff: budget, hardware, and application compatibility; strapped IT resources; user availability and training; and so on.

Most folks paying attention agree there are potential risks in running an unsupported OS: Security, compliance, performance, driver support, and others. Yet ask enough those folks -- IT pros, security experts, analysts, business owners, and so on -- what they think will happen to XP users after April 8 and you'll get responses ranging from "scorched earth" to "no big deal." Then again, no one really knows exactly how it will play out.

We're about to find out, though, because XP's not going to disappear in the next three months. Brian Burch, VP of global consumer and small business marketing at Symantec, noted that current XP usage "means many people have yet to transition" even with the end-of-support date so close at hand. Burch said consumers, in particular, should upgrade as soon as possible. But he added that such upgrades can be less straightforward for businesses.

"Occasionally, there are circumstances that make it very difficult to upgrade systems," Burch said in an email to InformationWeek. "For example, Windows XP is often used for industrial control systems that have long lifecycles and low downtime or critical applications that need redeveloping."

For organizations planning to keep XP in use post-April 8, Burch advised taking steps to minimize the downside. For instance: "If you have a system that can't be upgraded, look at lockdown technology to only allow the functions that are needed by the system and prevent others," Burch said. "This can protect the system and reduce the need for patching."

System is a good word choice. While OS usage stats like those above typically focus on PCs, XP in fact powers much more than desktops and laptops. Thousands of ATMs are powered by XP, for example -- as many as 75% of ATMs in the US alone, according to one industry estimate last July.

Indeed, XP is "a platform used in all manner of embedded devices," Chester Wisniewski, senior security advisor at Sophos, said in an email to InformationWeek. He expects the end of XP support to be just one milestone in a much larger security trend driven by the Internet of Things and other factors. "We are all putting in place far more technology to support every aspect of our everyday lives," Wisniewski said.

As a result, OS fragmentation, support cutoffs, and related issues aren't simply a matter of PCs or even mobile devices. If you think XP desktop users are behind the times, consider some less visible technologies. "It has been said that the embedded devices in the [power and utilities] industry are 15 years behind the mainstream desktop environment, but now many of these embedded devices with similar security challenges are making their way into every aspect of our personal and professional lives," Wisniewski said. In other words, XP's so-called "end of life" may be just a beginning.

"Many have talked about the Internet of Things but have yet to consider the huge variation in operating systems, platforms, and subsequent security issues," Wisniewski added. "We will see far more of this over the next couple of years."

So, what will happen to XP machines -- not to mention the corporate networks they connect to -- on April 8? Security apocalypse? Business as usual? Somewhere in between?

Step right up, place your bets.

Kevin Casey is a writer based in North Carolina who writes about technology for small and midsized businesses.

Too many companies treat digital and mobile strategies as pet projects. Here are four ideas to shake up your company. Also in the Digital Disruption issue of InformationWeek: Six enduring truths about selecting enterprise software. (Free registration required.)

I hadn't thought about all the retail and banking systems that still run XP now, and certainly will still be running XP on April 8th. Unlike Y2K, it seems like a lot of people who should know better are completely ignoring this. I'm going to make sure I have a little extra cash on hand, and plenty of milk and eggs in the fridge when the fateful day arrives. Now, I'm glad my motherboard cracked late last year and my new machine sports Windows 7, not that it can do ANYTHING better that XP did.

Are you forgetting that we have just come out of the worst recession since 1929? Many businesses have barely survived and do not have the resources to upgrade at this point. Even the best laid plans have gone asunder during these tryin times.

Very true. XP definitely still visible in consumer retail/hospitality contexts. Oleg Moskalensky, an IT pro I interviewed for a different XP story last summer, shared this photo (via Google+) soon after that piece ran:

XP will not be going anywhere soon. There is far too much banking, security, point of sale, ATM and custom, business specific software out there that has not been ported to Windows 7 or 8 for the countless reasons littering forums across the web. And Microsoft doesn't care. This EOL for XP is simply their embarrassing last ditch effort to force you to buy their next dysfunctional and woefully inadequate operating system. I believe these survey numbers are a bunch of crap as well, another attempt to influence upgrades through the illusion that others are already doing it. They are not. It would be interesting to hear from the Banking industry directly, what are your plans to "upgrade"? I still see A LOT of XP out there, and I don't see these business applications moving. Nor do I see Microsoft offering to help their customers move. All they offer is to charge you more money for more of their crapware. They sell a product, NOT solutions. Why consumers will give their hard earned money to a corporation that handles their customers this way is beyond me. I guess perhaps the same reason that Americans refuse to get off their butts and vote, even thought their government is running wild and fleecing them through taxation and grossly violating their privacy and civil rights. Apparently, Americans like being slapped around and abused... Anyway, if you need to continue running XP, there are several ways to sandbox the system via virtualization; run it as a VM on a secure platform, like Linux. Another good option is using products like DeepFreeze to protect the system "image" . Taking systems that do not need internet acess off the network will greatly increase security. Installing hardware firewalls in front of those that need internet access and locking down any port not actually in use will help as well. Ultimately, you really need to look at another OS eventually, and Linux has some great candidates that are well supported, like Ubuntu or Mint, as well as well known distros like Redhat and Cent. Lots of altenatives out there... you do have a choice.

@gfouts15, 29% of the computers in the world still run Windows XP. This is close to 600 million machines. How could this still be? XP is not obsolete just because Microsoft says it is. So you propose spending let's say $500 per machine for this hotel? Remember now that Win7/8 machines do exactly the same thing that currently happily running XP machines do. What does the $500,000 get for the hotel's bottom line? Hey, I agree with you but for those that count the pennies it's not so clear on the benefits. They usually choose to replace/fix when broken.

I use Robolinux a very professional, user friendly OS, which provides a highly innovative one click XP virtual machine installer . The best part is since all the XP data resides inside the Robolinux partition, XP is 100 % immune to viruses and malware. This is an excellent solution for those who cannot afford to upgrade or cannot upgrade.

So tell me, when someone installs all these Windows machines (or any other software for that matter), do you expect you will not have to switch them out at some point, maybe in 10 years?! If you are stuck with limited budget, do the Executives understand this issue? Did long term planning for this scenario ever take place? It isn't a matter of having money as everyone complains about budgets. The issue is planning for obsolesence which is a really big deal and apparently a pretty common oversight.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.